This occasionally happens when upgrading from a much older Citadel system that generated a key and self-signed certificate using older code. The key and certificate are kept in the keys/ subdirectory. If you have a self-signed certificate that you don't care about, you can simply delete all three files in that directory, and the newer Citadel code will generate a new private key and self-signed certificate.

Alternately, you can follow these instructions for generating a new key and cert using the OpenSSL command line tool.